This project develops hybrid static and dynamic analysis approaches for finding errors in PHP applications. We have released Phantm, an open-source tool written in Scala, which contains a full parser, a static analyzer for type errors, and a library to save and restore representations of concrete program states. PHP scripts are behind many web sites, including wikis, content management systems, and social networking web sites. PHP is used by major web actors, such as Wikipedia, Facebook and Yahoo.

Unfortunately, it is very easy to write PHP scripts that contain errors. We have released Phantm, an open-source tool written in Scala, which contains a full parser that passes the ~10’000 tests from the PHP test suite, a static analyzer for type errors, and a library to save and restore representations of concrete program states. The analyzer’s notion of type also represents certain concrete values manipulated by the program.

Phantm supports a large number of PHP constructs in their most common usage scenarios, with the goal of maximizing the usefulness of the tool. Flow-sensitive analysis of structured values enables Phantm to handle, e.g., frequently occurring code that uses untyped arrays with string keys as a substitute for records. We have applied Phantm to over 50’000 lines of PHP code, including the popular DokuWiki software, which has a plug-in architecture. The analysis identified 200 problems in the code and in the type hints of the original source code base. These problems can cause exploits, infinite loops, and crashes; the use of Phantm enabled these problems to be detected and removed.
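
To illustrate what flow-sensitive analysis of arrays used as records involves, here is a toy analyzer added for this page; it is not Phantm's code or algorithm. The statement forms (`new`, `set`, `if`, `use`), the sample program and all names are assumptions made for the example.

```python
# Toy flow-sensitive analysis of PHP-style arrays used as records.
# Abstract state: variable -> {string key -> set of possible types}.
# Statement forms and names are hypothetical, not Phantm's IR.
UNDEF = "undef"  # marks a key that may be missing on some path

def join(a, b):
    """Merge the abstract states reaching the end of two branches."""
    out = {}
    for var in a.keys() | b.keys():
        ra, rb = a.get(var), b.get(var)
        if ra is None or rb is None:
            continue  # not an array on every path: forget it (toy choice)
        out[var] = {k: ra.get(k, {UNDEF}) | rb.get(k, {UNDEF})
                    for k in ra.keys() | rb.keys()}
    return out

def analyze(block, state, warnings):
    """Walk statements in order, updating the state after each one."""
    for stmt in block:
        op = stmt[0]
        if op == "new":      # $v = array();
            state = {**state, stmt[1]: {}}
        elif op == "set":    # $v['key'] = <value of type t>;
            _, var, key, t = stmt
            state = {**state, var: {**state.get(var, {}), key: {t}}}
        elif op == "if":     # if (...) { then } else { else }
            _, then_b, else_b = stmt
            state = join(analyze(then_b, state, warnings),
                         analyze(else_b, state, warnings))
        elif op == "use":    # read $v['key'] where type `want` is required
            _, var, key, want = stmt
            bad = state.get(var, {}).get(key, {UNDEF}) - {want}
            if bad:
                may = "|".join(sorted(bad))
                warnings.append(f"${var}['{key}']: expected {want}, may be {may}")
    return state

def run(program):
    warnings = []
    analyze(program, {}, warnings)
    return warnings

# Constructed sample: a "user" record whose 'id' type depends on the branch.
PROGRAM = [
    ("new", "user"),
    ("set", "user", "name", "string"),
    ("if", [("set", "user", "id", "int")], [("set", "user", "id", "string")]),
    ("use", "user", "name", "string"),   # same type on every path
    ("use", "user", "id", "int"),        # string on the else path
    ("use", "user", "email", "string"),  # never assigned
]
```
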